We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
severe virus please help
Options
crystal9
Posts: 3,813 Forumite
in Techie Stuff
Hello
I would like some help please, yesterday i noticed my laptop playing up running slow and when googling it sent me to other pages etc, so did a scan via microsoft essentials it came up with a virus which was severe so did as it asked and it said to restart laptop but its not gone.
i have tried doing a highjack this and it won't load for some reason also tried using malwarebytes and that won't load either. Tried uninstalling malwarebytes and re-installing but still won't work.
all i can tell you is i'm using windows 7 and safari.
can someone please help as it has already shut laptop down once to stop damage.
I would like some help please, yesterday i noticed my laptop playing up running slow and when googling it sent me to other pages etc, so did a scan via microsoft essentials it came up with a virus which was severe so did as it asked and it said to restart laptop but its not gone.
i have tried doing a highjack this and it won't load for some reason also tried using malwarebytes and that won't load either. Tried uninstalling malwarebytes and re-installing but still won't work.
all i can tell you is i'm using windows 7 and safari.
can someone please help as it has already shut laptop down once to stop damage.
have now given up smoking since feb 13th 2014 loving the money I'm saving
0
Comments
-
i have managed to download and scan via superantispyware here's the log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/21/2010 at 09:22 AM
Application Version : 4.44.1000
Core Rules Database Version : 5610
Trace Rules Database Version: 3422
Scan type : Complete Scan
Total Scan Time : 00:40:25
Memory items scanned : 697
Memory threats detected : 0
Registry items scanned : 9740
Registry threats detected : 30
File items scanned : 23490
File threats detected : 208
Trojan.ba3bho
HKLM\Software\Classes\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\InprocServer32
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\InprocServer32#ThreadingModel
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\ProgID
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\Programmable
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\TypeLib
HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\VersionIndependentProgID
HKCR\Ba3bho.ba3HelperObj.1
HKCR\Ba3bho.ba3HelperObj.1\CLSID
HKCR\Ba3bho.ba3HelperObj
HKCR\Ba3bho.ba3HelperObj\CLSID
HKCR\Ba3bho.ba3HelperObj\CurVer
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\0
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\0\win32
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\FLAGS
HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\HELPDIR
C:\PROGRA~1\TEXTHE~1\READAN~1\BA3BHO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A17B153F-2267-4161-A165-73DCD6C31BEF}
HKU\S-1-5-21-172327023-297257042-3963200388-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A17B153F-2267-4161-A165-73DCD6C31BEF}
HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}
HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\ProxyStubClsid
HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\ProxyStubClsid32
HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\TypeLib
HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\TypeLib#Version
Adware.Tracking Cookie
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@uk.sitestat[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@serving-sys[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@www.googleadservices[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[6].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[8].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@www.burstnet[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@imrworldwide[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@apmebf[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[9].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[7].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adserver.adtechus[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[7].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@dialaphone.122.2o7[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@fastclick[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@www.googleadservices[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adserver.adtechus[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@www.googleadservices[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@ad.yieldmanager[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adviva[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@microsoftsto.112.2o7[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@burstnet[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@bs.serving-sys[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@ad.yieldmanager[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@tacoda[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@media6degrees[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@serving-sys[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@content.yieldmanager[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@burstnetads[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[7].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[8].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[7].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@surveymonkey.122.2o7[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[9].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adviva[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@122.2o7[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[6].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@e-2dj6whlowjdzakp.stats.esomniture[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@sesamestats[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[9].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@tacoda[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@ad.yieldmanager[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@ad.yieldmanager[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@bs.serving-sys[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[6].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adviva[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@2o7[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@ad.yieldmanager[4].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[10].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@fastclick[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@statse.webtrendslive[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@chitika[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@tacoda[3].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[6].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[8].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@adtech[5].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@atdmt[7].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@mediaplex[2].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@questionmarket[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@revsci[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@advertising[1].txt
C:\Users\Parent\AppData\Roaming\Microsoft\Windows\Cookies\parent@doubleclick[1].txt
.serving-sys.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.advertising.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.advertising.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Parent\AppData\Roaming\Mozilla\Firefox\Profiles\wiu40j74.default\cookies.sqlite ]
ia.media-imdb.com [ C:\Users\the doddy family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZ39DDF3 ]
media.scanscout.com [ C:\Users\the doddy family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZ39DDF3 ]
secure-it.imrworldwide.com [ C:\Users\the doddy family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZ39DDF3 ]
secure-us.imrworldwide.com [ C:\Users\the doddy family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\QZ39DDF3 ]
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@lego.112.2o7[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@advertising[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@burstnet[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@atdmt[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@www.googleadservices[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@serving-sys[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@media6degrees[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@2o7[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@fastclick[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@adtech[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@www.googleadservices[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@tribalfusion[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@specificclick[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@apmebf[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@ad.yieldmanager[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@uk.at.atwola[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@ads.gmodules[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@doubleclick[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@adserver.adtechus[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@bs.serving-sys[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@revsci[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@adviva[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@imrworldwide[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\Low\the_doddy_family@www.googleadservices[3].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.basrv[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@advertising[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@collective-media[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@liveperson[3].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@kronos.bravenetmedia[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.pubmatic[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@advertise[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@zanox[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@clicksor[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@smartadx[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@vidasco.rotator.hadj7.adjuggler[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ad.adfunky[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@harrenmedianetwork[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@atdmt[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ru4[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@click.searchnation[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@click.fastpartner[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@tradedoubler[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@server.cpmstar[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@www.gomeotrack[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@at.atwola[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@247realmedia[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@media6degrees[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@associatedcontent.112.2o7[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adserver1.mokono[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@uk.findstuff[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@xml.trafficengine[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@questionmarket[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@fastclick[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adtech[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@indoormedia.co[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ehg-findlaw.hitbox[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ad.yieldmanager[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.smartadx[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@revsci[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@eas.apm.emediate[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@rotator.adjuggler[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@hitbox[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@user.lucidmedia[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.raasnet[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@servedby.adxpower[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@overture[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adxpose[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@d.dmcpmtrack[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ds.clickexperts[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@pro-market[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@apmebf[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@opti.inextmedia[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@xm.xtendmedia[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@trafficengine[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@serving-sys[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@specificclick[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adecn[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@uk.at.atwola[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@content.yieldmanager[3].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@liveperson[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@track.adform[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@tribalfusion[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ad.harrenmedianetwork[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@bs.serving-sys[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@myroitracking[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adbrite[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@server.iad.liveperson[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@casalemedia[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@adviva[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@content.yieldmanager[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@mediaplex[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@bizzclick[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@findlaw[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@zedo[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@tacoda[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@doubleclick[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.myadplatform[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@ads.associatedcontent[2].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@d.reduxmedia[1].txt
C:\Users\the doddy family\AppData\Roaming\Microsoft\Windows\Cookies\the_doddy_family@imrworldwide[2].txt
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
Malware.Trace
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.jobhave now given up smoking since feb 13th 2014 loving the money I'm saving0 -
Have you tried starting the laptop in Safemode and then running Malwarebytes? In order to start in Safemode you need to press the F8 key when you switch the laptop on. Normally if you press it when the BIOS screen appears (where it says press ESC to enter setup, or something similar) you will be given a selection screen. Select Safemode and the computer will start with minimal services running. Hopefully that will allow you to run Malwarebytes and remove your problem.
You will need to update Malwarebytes so use Safemode with networking if you connect to the Internet via a router.0 -
Have you tried starting the laptop in Safemode and then running Malwarebytes? In order to start in Safemode you need to press the F8 key when you switch the laptop on. Normally if you press it when the BIOS screen appears (where it says press ESC to enter setup, or something similar) you will be given a selection screen. Select Safemode and the computer will start with minimal services running. Hopefully that will allow you to run Malwarebytes and remove your problem.
You will need to update Malwarebytes so use Safemode with networking if you connect to the Internet via a router.
thanks for your reply,
i havn't loaded up in safe mode yet so will try this now and let you knowhave now given up smoking since feb 13th 2014 loving the money I'm saving0 -
It's worth a try, also run a full virus scan while in safe mode and see what it picks up and removes. What anti-virus are you using?0
-
i'm in safe mode now and downloaded malwarebytes again but it still don't work, i use microsoft anti virushave now given up smoking since feb 13th 2014 loving the money I'm saving0
-
Trojan.DNS-Changer (Hi-Jacked DNS)
Changed your DNS ??? so you will need to check DNS once trojan cleared .
jje0 -
managed a highjack this in safe mode here's the log
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 09:46:47, on 21/10/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE4470~1.DLL
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [XMA] C:\Program Files\XMA Ltd\Licenses.exe
O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
--
End of file - 7607 byteshave now given up smoking since feb 13th 2014 loving the money I'm saving0 -
-
Save http://www.surfright.nl/en/hitmanpro to desktop
Then Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes will be terminated, including the malware process before the scan.0 -
thanks for replySave http://www.surfright.nl/en/hitmanpro to desktop
Then Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes will be terminated, including the malware process before the scan.
ok have done this and a load of stuff came up to be deleted including malwarebytes just trying to do another scan and will report backhave now given up smoking since feb 13th 2014 loving the money I'm saving0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.7K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.7K Work, Benefits & Business
- 598.5K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards